<?php
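       // Change these with your information
// PayPal endpoint selector: 'sandbox' for testing, '' (empty) for live.
$paypalmode = '';

// NOTE(review): these database credentials sit in plain text inside a
// web-served script. Load them from a config file outside the document root
// (or from the environment), keep them out of version control, and rotate
// this password: treat it as exposed wherever this file has been shared.
$server = "website";
$host = "localhost"; // Host name
$username = "z247s504_admin"; // Mysql username
$password = "PxLpCd07"; // Mysql password
$database = "z247s504_website"; // Mysql Database

// NOTE(review): the mysql_* extension was removed in PHP 7.0; migrate to
// mysqli or PDO with prepared statements when this script is next touched.
$con = mysql_connect($host, $username, $password);
if (!$con)
{
    // Keep the driver message (it can include the account and host name) in
    // the server log instead of echoing it to whoever called this endpoint.
    error_log('Could not connect: ' . mysql_error());
    // A non-200 status asks PayPal to redeliver the notification later.
    header('HTTP/1.1 500 Internal Server Error');
    die('Could not connect');
}

// Selecting the database can fail too; stop here rather than run every
// later query against no database.
if (!mysql_select_db($database, $con))
{
    error_log('Could not select database: ' . mysql_error($con));
    header('HTTP/1.1 500 Internal Server Error');
    die('Could not select database');
}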

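// PayPal IPN listener: echo the notification back to PayPal for validation,
// and only when PayPal answers VERIFIED record the payment, mark the saddle
// as 'On-trial' and send the confirmation e-mail.
if ($_POST)
{
    // Turn the 'sandbox' setting into the host-name infix used below.
    if ($paypalmode == 'sandbox')
    {
        $paypalmode = '.sandbox';
    }

    // Undo magic quotes only where they are actually enabled; stripping
    // slashes unconditionally alters values and makes the postback differ
    // from what PayPal sent.
    $magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    // Rebuild the message for the postback. $fields keeps the cleaned values
    // so the data that gets verified is the same data that gets stored.
    $fields = array();
    $req = 'cmd=' . urlencode('_notify-validate');
    foreach ($_POST as $key => $value) {
        if (!is_string($value)) {
            // IPN messages are flat name=value pairs; nested input is not one.
            header('HTTP/1.1 400 Bad Request');
            return;
        }
        if ($magic_quotes) {
            $value = stripslashes($value);
        }
        $fields[$key] = $value;
        // Encode the key as well, so a crafted field name cannot add or
        // override parameters in the request sent for verification.
        $req .= '&' . urlencode((string) $key) . '=' . urlencode($value);
    }

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://www'.$paypalmode.'.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    // Certificate and host-name verification must stay on: the VERIFIED
    // answer is only trustworthy if it really comes from PayPal.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Host: www'.$paypalmode.'.paypal.com'));
    $res = curl_exec($ch);
    $curl_error = ($res === false) ? curl_error($ch) : '';
    curl_close($ch);

    if ($res === false) {
        // Could not reach PayPal: nothing was verified. Answer non-200 so
        // the notification is delivered again later.
        error_log('PayPal IPN postback failed: ' . $curl_error);
        header('HTTP/1.1 500 Internal Server Error');
        return;
    }

    // The original test, strpos($res, "VERIFIED") !== 0, was inverted: it
    // processed every message PayPal did NOT verify (including a failed
    // request) and skipped the genuine ones. Require the exact reply.
    if (strcmp(trim($res), 'VERIFIED') !== 0) {
        error_log('PayPal IPN rejected: postback did not return VERIFIED');
        return;
    }

    // Pull the fields used below; absent ones become '' instead of raising
    // undefined-index notices. $sql holds the same values escaped for use
    // inside single-quoted SQL string literals.
    $wanted = array(
        'txn_id', 'payer_id', 'item_number', 'item_name', 'first_name',
        'last_name', 'payer_email', 'payment_status', 'custom', 'mc_gross',
        'shipping',
    );
    $ipn = array();
    $sql = array();
    foreach ($wanted as $name) {
        $ipn[$name] = isset($fields[$name]) ? $fields[$name] : '';
        $sql[$name] = mysql_real_escape_string($ipn[$name], $con);
    }
    $sql_other = mysql_real_escape_string((string) json_encode($fields), $con);
    $sql_date = mysql_real_escape_string(date('Y/m/d H:i:s'), $con);

    // PayPal can deliver the same notification more than once. Skip a
    // transaction/status pair that is already stored so it is not processed
    // twice. A UNIQUE index on these columns would enforce this reliably.
    if ($ipn['txn_id'] !== '') {
        $seen = mysql_query(
            "SELECT 1 FROM paypal_payments"
            . " WHERE transaction_id = '" . $sql['txn_id'] . "'"
            . " AND payment_status = '" . $sql['payment_status'] . "' LIMIT 1",
            $con
        );
        if ($seen && mysql_num_rows($seen) > 0) {
            return;
        }
    }

    // NOTE(review): VERIFIED only proves PayPal sent this message. Before
    // acting on it, also check that receiver_email is this shop's account
    // and that mc_gross / mc_currency match the price of the product; the
    // expected values are not available in this file.

    $inserted = mysql_query(
        "INSERT INTO paypal_payments
        (
            transaction_id,
            payment,
            product_id,
            product_name,
            payer_id,
            firstname,
            lastname,
            email,
            payment_date,
            payment_status,
            source,
            Shipping,
            other_info
        )
        VALUES
        (
            '" . $sql['txn_id'] . "',
            '" . $sql['mc_gross'] . "',
            '" . $sql['item_number'] . "',
            '" . $sql['item_name'] . "',
            '" . $sql['payer_id'] . "',
            '" . $sql['first_name'] . "',
            '" . $sql['last_name'] . "',
            '" . $sql['payer_email'] . "',
            '" . $sql_date . "',
            '" . $sql['payment_status'] . "',
            '" . $sql['custom'] . "',
            '" . $sql['shipping'] . "',
            '" . $sql_other . "'
        )",
        $con
    );
    if (!$inserted) {
        error_log('PayPal IPN: could not store payment: ' . mysql_error($con));
    }

    if ($ipn['payment_status'] == "Completed")
    {
        // Defaults for the case where no saddle matches the item number.
        $saddle_row_id = '';
        $saddle_description = '';

        $result = mysql_query(
            "SELECT * FROM saddles WHERE product_id = '" . $sql['item_number'] . "'",
            $con
        );
        if ($result) {
            // As before, the last matching row wins.
            while ($row = mysql_fetch_array($result))
            {
                $saddle_row_id = $row['id'];
                $saddle_description = $row['product_description'];
            }
        }

        mysql_query(
            "UPDATE saddles SET product_status = 'On-trial'"
            . " WHERE product_id = '" . $sql['item_number'] . "'",
            $con
        );

        /////////////////////////////
        //Email PURCHASE CONFIRMATION
        /////////////////////////////

        $to      = "sean.richardson@hotmail.co.uk";
        $subject = 'Purchase confirmation';

        $message = file_get_contents('admin_files/emails/purchase_confirmation.html');
        if ($message === false) {
            error_log('PayPal IPN: purchase confirmation template could not be read');
        } else {
            // Buyer-supplied text goes into an HTML e-mail, so encode it;
            // the charset matches the Content-Type header below.
            $safe_name  = htmlspecialchars($ipn['first_name'], ENT_QUOTES, 'ISO-8859-1');
            $safe_title = htmlspecialchars($ipn['item_name'], ENT_QUOTES, 'ISO-8859-1');

            $message = str_replace("{CUSTOMER_NAME}", $safe_name, $message);
            $message = str_replace("{SADDLE_NAME}", $safe_title, $message);
            // These two come from the saddles table and are inserted as
            // stored. NOTE(review): confirm the description is trusted HTML.
            $message = str_replace("{SADDLE_ROW_ID}", $saddle_row_id, $message);
            $message = str_replace("{SADDLE_DESCRIPTION}", $saddle_description, $message);

            $headers = "From: 24-7Saddles.com <Sales@24-7saddles.com>\r\n";
            $headers .= "MIME-Version: 1.0\r\n";
            $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

            mail($to, $subject, $message, $headers);
        }

        /////
        //End
        /////
    }
}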
?>